CentOS Update for mysql CESA-2007:1155 centos4 x86_64. MySQL multi-user, multi-threaded SQL database server. Flaws in handling symbolic links and spatial indexes. Upgrade to resolve issues
tag_insight = "MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.
A flaw was found in a way MySQL handled symbolic links when database tables
were created with explicit "DATA" and "INDEX DIRECTORY" options. An
authenticated user could create a table that would overwrite tables in
other databases, causing destruction of data or allowing the user to
elevate privileges. (CVE-2007-5969)
A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An
authenticated user could create a table with spatial indexes, which are not
supported by the InnoDB engine, that would cause the mysql daemon to crash
when used. This issue only causes a temporary denial of service, as the
mysql daemon will be automatically restarted after the crash.
All mysql users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.";
tag_affected = "mysql on CentOS 4";
tag_solution = "Please Install the Updated Packages.";
